Thomas Raehalme <thomas.raehalme@...> writes:

> Hi,
> Previously we have used Atlassian Crowd as a source for user data in
> various applications, both in-house built and proprietary such as JIRA
> or Confluence. As we have deployed FreeIPA, I would like to start
> using it as the identity source. Unfortunately using Kerberos is not
> always possible so I am thinking about LDAP which often is an option
> in 3rd party applications.
> Anonymous access to the FreeIPA LDAP is enabled by default. Is it
> possible to configure username/password to access the information?
> Currently vSphere has a problem with anonymous access to LDAP not
> working as intended. Of course it would be nice to be able to restrict
> access anyways.
> If using FreeIPA LDAP as the identity source, how should
> authentication be handled? Is it possible to read the hash code for
> passwords? Is it possible to authenticate against the LDAP service?
> Any advice appreciated!
> Best regards,
> Thomas


I have just successfully configured Confluence and JIRA to use FreeIPA for
its LDAP user directory.

First, create an IPA user group for confluence-users and jira-users using 
the IPA dashboard. Then add a user to both of these groups.

If you navigate to the Confluence and JIRA dashboards and then in the "User
Directories" settings menu add a "Generic Directory Server" and then use the
following settings...

Base DN: You can find this in your IPA config.
Additional User DN: cn=users,cn=accounts
Additional Group DN: cn=groups,cn=accounts
LDAP Permissions: Read Only

Advanced Settings - Defaults are fine for this section

User Schema Settings    
User Object Class:              inetorgperson
User Object Filter:             (objectclass=inetorgperson)
User Name Attribute:            uid
User Name RDN Attribute:        uid
User First Name Attribute:      givenName
User Last Name Attribute:       sn
User Display Name Attribute:    displayName
User Email Attribute:           mail
User Password Attribute:        userPassword
User Password Encryption:       SHA
User Unique ID Attribute:       ipaUniqueID

Group Schema Settings
Group Object Class:             ipausergroup
Group Object Filter:            (objectclass=ipausergroup)
Group Name Attribute:           cn
Group Description:              description

Membership Schema Settings
Group Members Attribute: member
User Membership Attribute: member (This is not used due to the next option)
Use the User Membership Attribute: (Ensure this is unchecked, it is not

Now save and test using the user who is in the groups created above.

Hope this helps someone.
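
An added example, not part of the original post: the searches that the settings above translate to, printed as ldapsearch commands that use an authenticated simple bind, so the configuration can be checked from a shell before saving it in the application. BASE_DN, HOST and the user "alice" are constructed placeholders; the DNs, object classes and attributes are the ones listed in the reply.

```python
import shlex

# Added example (not from the original post). BASE_DN, HOST and "alice" are
# placeholders; the remaining values are the settings listed in the reply.
BASE_DN = "dc=example,dc=com"      # assumption: take the real one from your IPA config
HOST = "ldaps://ipa.example.com"   # assumption: constructed host name
USER_BASE = "cn=users,cn=accounts," + BASE_DN
GROUP_BASE = "cn=groups,cn=accounts," + BASE_DN
USER_FILTER = "(objectclass=inetorgperson)"
GROUP_FILTER = "(objectclass=ipausergroup)"


def escape_filter_value(value):
    """Escape a value for use in an LDAP search filter (RFC 4515)."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)


def user_search(username):
    """Search base and filter that locate one user by the uid attribute."""
    return USER_BASE, "(&%s(uid=%s))" % (USER_FILTER, escape_filter_value(username))


def membership_search(user_dn, group):
    """Search that matches `group` only if `user_dn` is in its member attribute."""
    flt = "(&%s(cn=%s)(member=%s))" % (
        GROUP_FILTER, escape_filter_value(group), escape_filter_value(user_dn))
    return GROUP_BASE, flt


def ldapsearch_argv(bind_dn, base, flt, attrs):
    """ldapsearch arguments: simple bind (-x) as bind_dn, password prompt (-W)."""
    return ["ldapsearch", "-x", "-H", HOST, "-D", bind_dn, "-W",
            "-b", base, flt] + list(attrs)


if __name__ == "__main__":
    alice_dn = "uid=alice," + USER_BASE           # constructed sample user
    for base, flt, attrs in (
        user_search("alice") + (["uid", "mail", "displayName", "ipaUniqueID"],),
        membership_search(alice_dn, "confluence-users") + (["cn"],),
        user_search("*)(uid=*") + (["uid"],),      # metacharacters stay literal
    ):
        print(shlex.join(ldapsearch_argv(alice_dn, base, flt, attrs)))
```

The attribute lists request only what the directory settings map; userPassword is not among them.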

